I recently had to build a system to drop inbound traffic originating from Cloudflare ASNs to prevent bad actors using WARP proxies; there are no legitimate Cloudflare traffic use cases for anything inbound.
Getting increasingly sick of Cloudflare.
for BadActor in $(curl -A Mozilla "https://api.cloudflare.com/local-ip-ranges.csv"|grep -Ev "::|/32"|awk -F "," '{print $1}'|sort | uniq); do ip route add blackhole "${BadActor}" 2>/dev/null;done
Something similar can be done with AWS EC2:
https://ip-ranges.amazonaws.com/ip-ranges.json
[−]VladVladikoff · 2026-07-02 Thu 02:40 UTC ·
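The AWS variant mentioned in the comment above, as an added example that is not the commenter's code: it reads a document in the `ip-ranges.json` layout, keeps the IPv4 `EC2` prefixes, validates and merges them, and returns lines for `ip -batch`. The embedded sample is constructed from documentation prefixes, and the `MIN_PREFIXLEN` guard and the function name are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout (documentation prefixes,
# not real AWS ranges; region fields omitted because they are not used here).
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "1970-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "192.0.2.0/24",      "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",      "service": "EC2"},
  {"ip_prefix": "198.51.100.0/25",   "service": "EC2"},
  {"ip_prefix": "198.51.100.128/25", "service": "EC2"},
  {"ip_prefix": "203.0.113.7/32",    "service": "EC2"},
  {"ip_prefix": "203.0.113.64/26",   "service": "S3"},
  {"ip_prefix": "0.0.0.0/0",         "service": "EC2"},
  {"ip_prefix": "not-a-prefix",      "service": "EC2"}
 ],
 "ipv6_prefixes": [{"ipv6_prefix": "2001:db8::/32", "service": "EC2"}]}
""")

# Assumption of this example: never blackhole anything broader than a /8,
# so a malformed or tampered feed cannot null-route the whole address space.
MIN_PREFIXLEN = 8


def blackhole_batch(doc, service="EC2"):
    """Return `ip -batch` lines that blackhole the service's IPv4 prefixes."""
    nets = []
    # Only the "prefixes" key is read, so IPv6 is skipped like grep -v "::".
    for entry in doc.get("prefixes", []):
        if entry.get("service") != service:
            continue
        try:
            # Parse instead of passing feed text to a shell; strict=True
            # rejects entries with host bits set.
            net = ipaddress.IPv4Network(entry["ip_prefix"], strict=True)
        except (KeyError, TypeError, ValueError):
            continue
        # Skip single hosts (as the one-liner does) and over-broad prefixes.
        if net.prefixlen == 32 or net.prefixlen < MIN_PREFIXLEN:
            continue
        nets.append(net)
    # Merge duplicates and adjacent blocks to keep the routing table small.
    merged = ipaddress.collapse_addresses(nets)
    # "replace" makes reruns idempotent instead of failing on existing routes.
    return [f"route replace blackhole {n}" for n in merged]


if __name__ == "__main__":
    print("\n".join(blackhole_batch(SAMPLE)))
```

To apply it, load the downloaded `ip-ranges.json` in place of `SAMPLE` and pipe the printed lines to `ip -batch -` as root.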